A developer offering a sandboxed app could therefore offer a downloadable set of AppleScripts from its own website. If the user then installs those scripts in the proper location, those scripts can be freely run by the user within the app, with no special entitlements needed. That's because the user needed to intentionally install those scripts and then trigger their execution. Because Apple considers the user the ultimate authority over his or her own Mac, the script will be allowed to run.
Developers who worry about whether users will install scripts in the right place will be able to create installers that place the scripts correctly; if the user runs and authorizes the installer (Mac OS X asks users to enter their password when an app is installed to give permission), that's treated as permission to put the scripts in the right place.
Gatekeeper: I noted previously that user-created AppleScripts will run without problems. But apps from other sources that use scripts might trigger a Gatekeeper warning: If they are distributed online without an Apple-approved developer signature, Gatekeeper will alert the user to the issue.
Developers hoping to avoid run-ins with Gatekeeper for their app-based scripts will be able to do so, thanks to a new archive format offered with Mountain Lion called XIP. Although applications and droplets can't be signed directly, XIP archives can be. By enclosing scripts (or custom Automator actions) within XIP archives, developers can sign the actions and distribute them without raising Gatekeeper's ire.